[AusNOG] AusCERT Week in Review - Week Ending 26/03/2010 (AUSCERT#20073f686)

Fri Mar 26 17:21:32 EST 2010

Alerts, Advisories and Updates:

-------------------------------

Title: ASB-2010.0089.2 - UPDATED ALERT [Win][UNIX/Linux] Firefox: Multiple

       vulnerabilities 

Date:  26 March 2010

URL:   http://www.auscert.org.au/12548

Title: ASB-2010.0091.2 - UPDATE [Appliance] Lexmark Printers and MarkNet

       devices: Multiple vulnerabilities 

Date:  25 March 2010

URL:   http://www.auscert.org.au/12552

Title: ASB-2010.0072.2 - UPDATE [Win][UNIX/Linux] libpng: Denial of service
-

       Remote with user interaction 

Date:  24 March 2010

URL:   http://www.auscert.org.au/12487

Title: ASB-2010.0090 - [Win][UNIX/Linux] vBulletin: Execute arbitrary

       code/commands - Remote/unauthenticated 

Date:  24 March 2010

URL:   http://www.auscert.org.au/12551

Title: ASB-2010.0056.2 - UPDATED ALERT [Win][UNIX/Linux] Firefox,
Thunderbird

       and Seamonkey: Multiple vulnerabilities 

Date:  23 March 2010

URL:   http://www.auscert.org.au/12411

Title: ASB-2010.0084.2 - UPDATE IBM DB2 Content Manager for z/OS Toolkit:

       Reduced security - Unknown/unspecified 

Date:  23 March 2010

URL:   http://www.auscert.org.au/12537

Title: ASB-2010.0088 - [Win] Opera: Execute arbitrary code/commands - Remote

       with user interaction 

Date:  23 March 2010

URL:   http://www.auscert.org.au/12547

Title: ASB-2009.1172.3 - UPDATE [Appliance] APC NMC based products: Multiple

       vulnerabilities 

Date:  22 March 2010

URL:   http://www.auscert.org.au/12178

Title: ASB-2010.0086 - [Win][UNIX/Linux] Firefox 3.6: Execute arbitrary

       code/commands - Remote/unauthenticated 

Date:  22 March 2010

URL:   http://www.auscert.org.au/12543

Title: ASB-2010.0087 - [Win][Linux][HP-UX][Solaris][AIX] IBM HTTP Server:

       Multiple vulnerabilities 

Date:  22 March 2010

URL:   http://www.auscert.org.au/12544

External Security Bulletins:

----------------------------

Title: ESB-2010.0278 - [HP-UX] NFS/ONCplus: Reduced security -

       Remote/unauthenticated 

Date:  26 March 2010

OS:    HP-UX 

URL:   http://www.auscert.org.au/12567

Title: ESB-2010.0277 - [RedHat] httpd: Multiple vulnerabilities 

Date:  26 March 2010

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/12566

Title: ESB-2010.0276 - [Win][UNIX/Linux][RedHat] gnutls: Multiple

       vulnerabilities 

Date:  26 March 2010

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,

       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD

       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,

       Other Linux Variants, Windows Server 2008 

URL:   http://www.auscert.org.au/12565

Title: ESB-2010.0275 - [RedHat] nss: Access privileged data -

       Remote/unauthenticated 

Date:  26 March 2010

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/12564

Title: ESB-2010.0274 - [Win][UNIX/Linux][RedHat] openssl: Multiple

       vulnerabilities 

Date:  26 March 2010

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,

       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD

       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,

       Windows Server 2008, Other Linux Variants 

URL:   http://www.auscert.org.au/12563

Title: ESB-2010.0273 - [UNIX/Linux][Ubuntu] puppet: Multiple vulnerabilities

Date:  25 March 2010

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian

       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,

       Other Linux Variants 

URL:   http://www.auscert.org.au/12562

Title: ESB-2010.0272 - [HP-UX] sendmail: Unauthorised access -

       Remote/unauthenticated 

Date:  25 March 2010

OS:    HP-UX 

URL:   http://www.auscert.org.au/12561

Title: ESB-2010.0271 - [UNIX/Linux] MIT krb5 releases krb5-1.7 and later:

       Denial of service - Remote/unauthenticated 

Date:  25 March 2010

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian

       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,

       Other Linux Variants 

URL:   http://www.auscert.org.au/12560

Title: ESB-2010.0270 - [Win][UNIX/Linux] Mime Mail and Menu Block (Drupal

       third-party modules): Multiple vulnerabilities 

Date:  25 March 2010

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,

       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD

       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,

       Other Linux Variants, Windows Server 2008 

URL:   http://www.auscert.org.au/12559

Title: ESB-2010.0269 - [Win][RedHat][HP-UX][Solaris][AIX][SUSE] HP Project
and

       Portfolio Management Center : Cross-site scripting -

       Remote/unauthenticated 

Date:  25 March 2010

OS:    Solaris, Windows 2003, Red Hat Linux, Windows 7, Windows XP, HP-UX,

       SUSE, Windows 2000, AIX, Windows Vista, Windows Server 2008 

URL:   http://www.auscert.org.au/12558

Title: ESB-2010.0268 - [RedHat] rhev-hypervisor: Multiple vulnerabilities 

Date:  25 March 2010

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/12557

Title: ESB-2010.0267 - [Cisco] Cisco Unified Communications Manager Express:

       Denial of service - Remote/unauthenticated 

Date:  25 March 2010

OS:    Cisco Products 

URL:   http://www.auscert.org.au/12556

Title: ESB-2010.0266 - ALERT [Cisco] Cisco IOS: Multiple vulnerabilities 

Date:  25 March 2010

OS:    Cisco Products 

URL:   http://www.auscert.org.au/12555

Title: ESB-2010.0265 - [Win][UNIX/Linux][Debian] mediawiki: Access
privileged

       data - Remote/unauthenticated 

Date:  24 March 2010

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,

       Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD

       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,

       Other Linux Variants, Windows Server 2008 

URL:   http://www.auscert.org.au/12550

Title: ESB-2010.0264 - [RedHat] kernel-rt: Multiple vulnerabilities 

Date:  24 March 2010

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/12549

Title: ESB-2010.0263 - [UNIX/Linux] curl: Denial of service -

       Remote/unauthenticated 

Date:  23 March 2010

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian

       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,

       Other Linux Variants 

URL:   http://www.auscert.org.au/12546

Title: ESB-2010.0262 - [Debian] spamass-milter: Execute arbitrary

       code/commands - Remote/unauthenticated 

Date:  23 March 2010

OS:    Debian GNU/Linux 

URL:   http://www.auscert.org.au/12545

Title: ESB-2010.0261 - [Win] CA ARCserve Backup: Reduced security -

       Unknown/unspecified 

Date:  22 March 2010

OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,

       Windows Server 2008 

URL:   http://www.auscert.org.au/12542

Title: ESB-2010.0260 - [UNIX/Linux][Debian] ikiwiki: Cross-site scripting -

       Remote with user interaction 

Date:  22 March 2010

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian

       GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,

       FreeBSD, Other Linux Variants 

URL:   http://www.auscert.org.au/12541

Title: ESB-2010.0259 - [Debian] pango1.0: Denial of service - Remote with
user

       interaction 

Date:  22 March 2010

OS:    Debian GNU/Linux 

URL:   http://www.auscert.org.au/12540

Title: ESB-2010.0068.2 - UPDATE [Win][UNIX/Linux] Drupal: Cross-site
scripting

       - Remote/unauthenticated 

Date:  26 March 2010

OS:    Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD,
AIX,

       OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,

       Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows

       2003, Solaris, HP Tru64 UNIX, IRIX 

URL:   http://www.auscert.org.au/12270

===========================================================================

Australian Computer Emergency Response Team

The University of Queensland

Brisbane

Qld 4072

Internet Email: auscert at auscert.org.au

Facsimile:      (07) 3365 7031

Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)

                AusCERT personnel answer during Queensland business hours

                which are GMT+10:00 (AEST).

                On call after hours for member emergencies only.

===========================================================================

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20100326/aa0faeda/attachment.html>